oc-secrets-link man page

oc secrets link — Link secrets to a ServiceAccount


oc secrets link [Options]


Link secrets to a service account

Linking a secret enables a service account to automatically use that secret for some forms of authentication


type of secret to link: mount or pull

Options Inherited from Parent Commands

DEPRECATED: The API version to use when talking to the server

Username to impersonate for the operation.

Path to a cert. file for the certificate authority.

Path to a client certificate file for TLS.

Path to a client key file for TLS.

The name of the kubeconfig cluster to use

Path to the config file to use for CLI requests.

The name of the kubeconfig context to use

The Google Cloud Platform Service Account JSON Key to use for authentication.

If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure.

Maximum number of seconds between log flushes

Require server version to match client version

-n, --namespace=""
If present, the namespace scope for this CLI request.

The address and port of the Kubernetes API server

Bearer token for authentication to the API server.

The name of the kubeconfig user to use


# Add an image pull secret to a service account to automatically use it for pulling pod images:
oc secrets link serviceaccount-name pull-secret --for=pull

# Add an image pull secret to a service account to automatically use it for both pulling and pushing build images:
oc secrets link builder builder-image-secret --for=pull,mount

# If the cluster's serviceAccountConfig is operating with limitSecretReferences: True, secrets must be added to the pod's service account whitelist in order to be available to the pod:
oc secrets link pod-sa pod-secret

See Also



June 2016, Ported from the Kubernetes man-doc generator

Referenced By


Explore man page connections for oc-secrets-link(1).

Openshift Openshift CLI User Manuals June 2016